Posted
by
timothy
on Wednesday August 13, 2008 @06:16PM
from the ofsted-is-spooky dept.

Barence writes "Big Brother Britain moved a step further today with the news that the Government will store 'a billion incidents of data exchange a day' as details of every text, email and browsing session in the UK are recorded. Under new proposals published yesterday, the information will be made available to police forces in order to crack down on serious crime, but will also be accessible by local councils, health authorities and even Ofsted and the Post Office. The Conservatives have criticised the idea, with the Shadow Home Secretary saying, 'yet again the Government has proved itself unable to resist the temptation to take a power quite properly designed to combat terrorism to snoop on the lives of ordinary people in everyday circumstances.'"

I wonder what would happen if somebody decided to record and archive all "incidents of data exchange" on the UK government's end, and then make that data publicly available?

I mean, obviously you'd want to avoid getting the public's data that the government is recording, otherwise they'd probably record you recording their records, and the feed back loop would cause BT workers to commit sepuku. On the other hand, would that be a bad thing?

"This will include an awful lot of banking data" and "I wonder what would happen if somebody decided to record and archive all "incidents of data exchange" on the UK government's end"

Its an interesting idea, but it would never be allowed to happen, as the people in power make the laws and so they will always create new laws to keep covering up what they do. They would cover it up by implying it was to protect the country, but it would actually be protecting people in power, from being removed from power b

I was born in the UK and moved to the USA in '95. One of the reasons I do not wish to move back is because of this type of thing. They already have cameras everywhere, and can track you in your car from one end of the country to the other.

When I talk to people in the UK about this, they almost always shrug their shoulders and say that you shouldn't speed, although they do think that it's getting out of hand.

I'm not sure how the people will stop this, as it looks like the Labour party has gone nuts, and an election is years away.

I'm still proud to be British; I'm just glad I'm not living there right now.

Seriously, though, if you want to solve the problems of government intrusion, you gotta open source the government.

To make any significant change to the deeper power structures of any large government you need a revolution. People in positions of global scale aren't going to give up that power just because you have a lot of signatures on a petition. You cannot vote high ranking bureaucrats and lobbyists out of power. But for ordinary citizens to attempt to use force to uproot those currently in positions of power would require them to be "terrorists" (gasp!) The only way to take down a large modern government without warfare is to wait for it to collapse under it's own bloated weight like the USSR did.

"When Metascore implementations form within communities, they will periodically ask the existing government (or other authority) to cede power to the open source communities pertinent to their region."

Yeah, the State and Federal governments are really gonna respect that. There are two scenarios that could realistically happen, One is the perpetual ineffectuallity of something like The Second Vermont Republic. [csmonitor.com] Where it is just ignored until it becomes a joke, or you get The Montana Freemen, where a belief in individual sovereignty is repudiated by Federal Agents with big guns and armored vehicles, while any valid claims for secession are ignored by the media in favor of painting you as nutjobs. You don't actually think that government owned voting machines are ever going to show a vote in favor of secession or major government restructuring do you ?

Encryption is no obstacle in Great Britain, home of the Regulation of Investigatory Powers Act. If the authorities don't like anyone who uses encryption, they will simply demand the keys under RIP. If they don't like what they see or no key is provided, they will lock up the individuals concerned and throw away their own key, since the law essentially deems anyone using encryption guilty until proven innocent.

it's called a duress key. you give it to them and all they see is boring nonsense you want them to see. if that isn't enough then you never had a hope to begin with and you were going to jail no matter what so it's a moot point.

Unless the drive manufacturers are doing something way, way outside the spec, S.M.A.R.T. monitoring does not record any such access pattern statistics. It merely records a total read count for the entire device, total error counts for the entire device, etc.

At best, you could obtain the block remapping information and prove that any block that was remapped must have been written to at least once over the lifetime of the device. You could not prove that the remapping was not done during the factory burn-in

The point is that if everyone starts using encryption (or even say 5%), you're talking about millions of people. Do you really think the government is going to lock up a couple of million people? There aren't enough jails to hold them all. You'd end up with a situation along the lines of file-sharing. Is it illegal? Yes. Can you be punished for it? Yes. But is it likely? No. So long as the number of criminals far outstrips the ability to prosecute them all, people will continue being "criminals".

That's not entirely accurate. You must handover the key to any suitably authrorised individual upon demand. If they don't ask, you do not have to give it.

But the solution is easy. Start flooding the internet with encrypted data. The government will not be able to cope with the demand and will begin to ask for keys. They will next forbid the use of encryption unless specifically authorised. This will affect business although the companies will undoubtedly comply. The next stage is to flood the internet

If you use encryption in the UK without giving your private key to the authorities, then you're already breaking the law.

Not quite... if I understand the law correctly (and I hope I do, it affects me), failure to provide the authorities with effective keys to encrypted data when they request the keys, without lawful excuse, is a crime, with jail time for contempt of court being an option. That's immediate jail time.I'm not aware that it's been tested in court yet ; the meaning of "lawful excuse" hasn't bee

with a network of computers fast enough it is possible to decrypt the data using every possible encrypt key.

Even if that network were available today, and even if you didn't have the option of using a longer key, encrypting would still be a good idea. "A network of computers fast enough" is not free. Why not add to your enemies' expenses, especially when it costs you nearly nothing? This is an arms race that you can win. And if everyone does it, everyone wins (except the bad guy).

It costs them very little to hold a gun to your head and demand "Hand over the encryption keys."

I wouldn't be surprised if encryption starts becoming the norm, that all encryption keys will be required to be registered with the government. Unregistered encryption will be illegal and the public will applaud as the government sends the men with guns to drag you away, because you will be a "dangerous criminal with suspected connections to child porn and stolen credit card numbers" * * This is how it will show up on your local Evening News.

It costs them very little to hold a gun to your head and demand "Hand over the encryption keys."

It actually costs quite a bit to do something like this. You really have to have people in your pocket to be able to pull off stuff like that. Seriously. What are they going to do once they have the gun to your head? Pull the trigger? That's when the real revolution begins. People will only accept so much.

I know that I'm going to be flamed by a bunch of libertarians by saying this, but how long ago was 1984 written? 24 years past the apocalypse and I'm still doing fine.

When gov't gets a wild hair up their ass, nowadays they don't round up entire neighbourhoods. They instead concentrate on a few select individuals. All well and good if you're not one of those individuals... which can be unfortunately rather random, and can nail you even if you had nothing to do with whatever "threat" is the bogeyman this week.

Seriously. What are they going to do once they have the gun to your head? Pull the trigger? That's when the real revolution begins. People will only accept so much.

If that gun is a Taser, then yes they will pull the trigger, probably after you are already handcuffed. It is a great way to cultivate an attitude of compliance, regardless of things like right and wrong. [wordpress.com] Notice how the author of the linked article urges people to never challenge a police officer. I agree that one should never physically challenge an officer, but the serf mentality has progressed into not even verbally questioning an officer's actions, all because of the increasing likelihood of getting tasered. No my friend, the police pull the trigger all the time, there is no revolution.

What are they going to do once they have the gun to your head? Pull the trigger? That's when the real revolution begins. People will only accept so much.

In China they did and still do exactly this. You're causing minor annoyances, you're condemned to 20 years of torture at a political prison. You continue being annoying, they shot your neck (100% guaranteed to kill), then bill your family for the execution costs.

Listen, most people aren't revolutionaries. They only want to go along with their lives. Revolutions don't happen when "the people" rise. Revolutions happen when "a group" intent in taking power rise. Sure, "the people" in general must be willing to

Maybe so, but with the amount of data they're talking about, you'd need more than a couple of beowulf clusters to get the encrypted data processed in any reasonable amount of time. Data collected will be measured in terabytes, and even if ten percent of that is encrypted traffic, the encrypted bits will take either a lot of equipment or a lot of time.

Theoretically, breaking ANY encryption (except properly used one time pads) is nothing more than a math problem. That does not mean it is currently practical.

While 64-bit keys can be broken by specialized hardware (EFF's deep crack or the COPACOBANA) or distributed networks in a relatively short time, a 128 bit key is not merely twice as hard. It's 2^64 times as hard. Each additional bit doubles the keyspace, and thus the time (or processing power) required for a brute force search.

...if more people did it, massive data collection projects like this would be a lot less worthwhile.

...until governments begin outlawing network encryption, that is.

I doubt it would happen (VPN's, SSL and such being big fat obvious reasons), but I could see a government or two requiring all encryption users to hand over copies of private keys and to register their encryption tools/mechanisms with the local police department.

Word 64 on page 300 of the 3rd book on the 2nd shelf at the Cleveland Public Library. Word 6 on page 23 of the 9th book on the first shelf at the Los Angeles Public Library. Man, this is tedious. Maybe I'll just walk over and tell 'em!

But if _everyone_ is using encryption, how will they know what's worth looking at to demand the keys? Demanding keys from a large number of people will (hopefully) lead to a bit of resentment, which will of course force this to be repealed, in line with the demands of the populace. A bit like speed cameras,fuel tax, alcohol tax, and foxhunting...

You're right, Part III of the Regulation of Investigatory Powers Act does indeed allow for compulsion in dissemination of keys.

That's why it is important not to store anything sensitive in encrypted form, but to pass it about using methods where keys are ephemeral and are never in the possession of the person targeted. If intercepted data simply cannot be decrypted, the authorities will come to understand that they are unable to seize anything of value.

Perhaps this would be enough to get them down from their insane power trip and back to sensible levels of state vs individual power.

As I recall, that law says that if the person doesn't have the keys, tough shit for them, they can sit in jail til they come up with said keys, up to five years.

So far the gov't hasn't done a good job of understanding that cameras on every corner don't gain them anything; I just don't seem them figuring out that collecting a bunch of encrypted data, and holding people ransom for keys that don't exist, is even more futile.

That's why I advocate people using PK even when they don't have a trust path to the recipient. Yes, they can MitM you (until you get around to a secure exchange -- and then you know that someone had been messing with you earlier) but you still kill cheap passive surveillance -- you're making them MitM you. If more people did that, Big Brother would be fucked.

Get on the Wot when you can. Until then, though, encrypt anyway. Get your key out there where we can all see it. Certing can wait.

Humans have an annoying tendency to save things.We fear our own demise, and we seek permanence in our surroundings and possessions.

We do the same with data.

We create far more data than we will ever be able to manage. In principle, it's a horrible idea. In practice, it's unfeasible. The only thing this will result in is harassment and inconvenience for people when the data is leaked/stolen/hax0red.

The government is NOT watching everyone - they can't. The government wants you to THINK everyone is being watched.

The problem is not that they WILL inspect all data, but that they CAN. Once it's enshrined in law that the govt has the right to snoop on every communication you have, you have no comeback. It's a significant step - some might say THE step - towards a totalitarian police-state.

It's not unfeasible for the government to start maintaining an SMS-text dossier on every citizen, for example - just try encrypting those. And that's just with current technology. The proposal will only become more invasive and far-

No, what is worrysome is they assume that everyone could be a terrorist. If we assumed everyone within a 20 block radius was a murderer, real murder cases would take forever to be solved. Same with this, if everyone is a terrorist, they look for all the people who are obviously not terrorists and try to make them be a terrorist rather then actually figuring out who really are terrorists (and no, 80 year old English grandmothers are not terrorists).

The eternal optimist in me feels some will see this as a step too far.

Oh, I would think that's a fairly safe bet. The Information Commissioner will be all over it, and the public profile of his department is rising every time he speaks these days. The courts will be all over it, since blanket surveillance is going to be just a little difficult to reconcile with article 8 of the European Convention on Human Rights. The Opposition are already all over it, since any sort of claims about adequate data protection by the government are a joke thanks to repeated media coverage of numerous major leaks in recent months. Speaking of the media, they'll love this too, as it's another good opportunity to bash the government while it's down. And all of those are before we even get to the practical issues like who is going to pay for all of this and the overheads it would impose on service providers, presumably at their own expense if historical moves are anything to go by.

Finally, of course, we have the guy in the street who gets to vote, and he's becoming a lot more aware of privacy and data protection issues at the moment. Fortunately, the government will probably be so busy looking for a new Prime Minister and Chancellor of the Exchequer after the summer recess that they won't be able to do much about this, and they're toast at the next general election anyway since it's pretty hard to find any major group of voters they haven't seriously upset lately in one way or another.

The eternal optimist in me feels some will see this as a step too far.

Eventually something so repugnant will happen that all of this will be swept away. The shame of it is that it will take that repugnant event. In the US we went through a lot of this during Vietnam and the civil protests - eventually the FBI and CIA were raked over the coals for excessive surveillance of US citizens.

Now I think we are going through the same cycle again - and the result will be the same.

But then they showed how well they had learned their mistake under Blair by keeping Labor in power. Truly, to paraphrase Mencken, they are getting what they want and getting it good and hard.

Wow, you are truly ignorant. Of the votes cast, 37% went to labour. Reread that number. 37%. The voting system is hoplessly biased, so naturally the people that it favours will never remove this bias. So tell me, what part of 37% makes it apparent that we wanted labour?

Wow, you are truly ignorant. Of the votes cast, 37% went to labour. Reread that number. 37%. The voting system is hoplessly biased, so naturally the people that it favours will never remove this bias.
And how, pray tell, did a left-wing party that was dominated by a man who dragged your country into a war that was wildly unpopular get 37% of the vote? The Republicans were not as bad as Labor, and have gone from a fairly solid majority of our entire body politic, to being steadily ousted in each congression

Either labor is entirely supported by the dregs of British society that depend on the welfare state, or there is a lot of bullshit from leftists in Britain.

I'd say it's more likely that their supporters are ignorant and short-sighted, fell for the war and terror rhetoric, and don't really care until it hits them in the wallet. I don't really think that that makes them left, but "New Labour" is determined to blur that distinction anyway.

The proof of this is evident: It has now hit the voters in the wallet, and Labour's support is now in the toilet.

Labour party seats tend to be in high density council housing, while Conservative seats are in rural or suburban seats. Since the electoral commission tries to keep the proportion of the population represented by each MP at around 40,000 - 50,000, this means that Labour gets more MP's, even though a demographic map of the UK shows the majority of the country supporting the Conservatives. At the same time, Labour are encouraging the conversion of suburban housing into high density housing through the use of

Less than 30,000 people voted for Tony Blair. Other people voted for other Labour MPs, and most of them did that because they are old enough to remember the last time the Conservatives were in power and it makes them shudder.

The Lib Dems are a joke, and always have been. They and their predecessor party have not so much as sniffed power in 80 years.

There are entire sections of Britain that were so badly and totally screwed by Maggie Thathcher and the conservatives that they've refused point blank to vote Tory for the last 25 years. With the rural southern vote guaranteed to make large swathes of the countryside Tory, regardless of the merits of any particular MP, that wraps up about 50% of the vote, even when both party leaders are frankly scary men - Michael Howard was a BAD choice as tory leader, he reminded people of the bad old days.

The first past the post system used in the UK is pretty dismal, I actually think the number who voted labour in 2005 is closer to 35%; but nevertheless Labour received more votes than any other party at the last general election, in any electoral system they would still have been a major part of the government.
Any way that you look at it that's still 35% of the voting public who are prepared to vote for a murderous war criminal who's been systematically dismantling civil liberties since 97. That's frighten

But then they showed how well they had learned their mistake under Blair by keeping Labor in power.

Oh, come off it. At the last election, the Labour Party came second in England. They only took power again because of the Scottish vote, and Scotland is not affected by several of Labour's more heinous policies because of devolution. In fact, only 22% of the electorate (37% of those who actually voted) supported Labour, which makes the absolute majority they received in Parliament an obscenity.

And that was when they still said Blair would serve a full third term, not the current administration who have no l

A centrist party would be left of all the major parties in Britain now, since politics went Thatcherite. This is why there is such a low turnout.

Every party is now about hammering the working class to give the rich a tax break. Every party is now about punishing single parent families for being single parent families. Every party wants the rest of the country to bend over and take it up the arse just to keep the City sweet.

I've often wondered if there is a way to make disturbing draconian legislation like this and turn it around. I think that there is - radical transparency in government. Allow every government agency access to the public's SMS and email data, but in conjunction publish the SMS's and emails of every government employee, so the public has access to them. If there is no right to privacy, and they are doing nothing wrong, they should have nothing to fear right? On another note completely - what is the over under on how long till this is abused (and they get busted)? I have 3 weeks.

My friend in London is being snooped upon 300 times a day already by videocams. Now that her internet usage will be recorded we can only hope that authorities attempting to coordinate the two will use the Last Hope for Freedom: Windows.

At least the UK gov't has the decency to tell its citizens they're being spied on. I assume everything I do is being monitored by SOMEONE. The time is long overdue to build public key encryption into our devices.

Remember folks, even if you aren't in the UK, this still affects you! If you communicate with people in the UK, if you have email based in the UK (I have a Yahoo.co.uk email address, in addition to my 50 other email addresses...), etc....

It is as simple as installing Firefox, installing GNUPG, and installing that extension that lets you encrypt text fields when you are emailing...

And don't forget TrueCrypt http://truecrypt.org/ [truecrypt.org] though it isn't strictly relevant in this case, it is always relevant.

Except that RIP [wikipedia.org], passed in 2000 (yes dear, pre-911) means you go to jail if you refuse to divulge your keys when asked (and if you let anyone else know that you've done so, even passively, e.g. by no longer replying to emails. Some of us protested about this at the time, and oh! how the tin-foil hat jokes flowed, yea verily even here on Slashdot if I remember right. And in real life - it was more a case of backing away carefully whilst smiling cheerfully and maintaining eye contact.

Don't put your faith in tories, behind each one of those old school ties beats the black heart of a fascist. They are only opposing this legislation whilst in opposition as a mercenary attempt to gain votes.

While i agree 100%, and *we* will do it, the problem is the other end. Unless encryption is turned on by default, and installed automatically the average joe will not be doing it, and with 1/2 the link unencrypted its completely open in effect.

Full disk encryption should be standard as well.

This isn't just the UK, remember most governments are already snooping.

The Conservatives have criticised the idea, with the Shadow Home Secretary saying, 'yet again the Government has proved itself unable to resist the temptation to take a power quite properly designed to combat terrorism to snoop on the lives of ordinary people in everyday circumstances.'"

The USA already did that, just not on the same scale.

If a law doesn't say "only to be used for purpose X" then assume it will be *(ab)used as widely as possible.

The Conservatives have criticised the idea, with the Shadow Home Secretary saying, 'yet again the Government has proved itself unable to resist the temptation to take a power quite properly designed to combat terrorism to snoop on the lives of ordinary people in everyday circumstances.'"

An of course, once they are in power, they will stop the data logging? - or will they conveniently forget and keep it going?

A few years ago then Home Secretary David Blunkett tried something similar with the RIP Act, which would have given these kind of powers to bodies as obscure as parish councils. He said it wasn't until his son (an IT consultant) sat down and explained the problems this could cause that he dropped the plans.

Even if such a plan were possible as the one proposed it would run into massive opposition, not just from the other two parties but from ISPs, phone companies et al. With Labour as weak politically as they are now I hope this one will be a dead duck.

Bear in mind as well that these documents always over egg the pudding so that some areas can be dropped as concessions. Nevertheless I'll be writing to my old MP laying out the reasons why this is a stunningly bad idea.

What the hell is up with the UK Government that they constantly are all about shitting all over peoples' rights to privacy (perceived or otherwise)? It's like every few months there's some new story about the insane ideas they've come up with most recently about how to become as Orwellian as possible or something. These tards of narrow perspective need to take a step back and stop making national unilateral decisions (or proposals) based on their power-centric views that are endlessly apathetic/indifferent towards the thoughts and feelings of "the people". Even though I single out the UK government here because it's on-topic to the story, this seems to be a trend that's just about constant with the so-called "civilized world". I can see it doing no more than alienating the crap out of the general populous.

I don't care if the Gov't snoops on my internet traffic, I hope they don't get too bored reading my drivel.

What disturbs me about this is that it's my taxes that pay for this crap. I'd prefer them to spend it on something that's worthwhile, something that may be to my benefit - like roads, sewers, hospitals and ambulances. Instead Gorden Scunner Broon and his unelectable cretins (aka MPs) do this in the name of "National Security". This won't make an iota of a difference to national security.

They're also proposing to give us all biometric ID cards to improve national security. Sorry I meant force us to pay nearly a hundred quid each for a Gov't issued piece of useless plastic. That won't make an iota of a difference either.

They'll have a national database with stuff about each one of us. That won't make an iota of a difference for national security. It'll just be another expensive white elephant and another opportunity for them to lose a couple of CD-ROMs in the post.

I won't vote for Broon. I'll be voting for anyone other than Broon and his cronies. I won't have an ID card. I don't want email snooping.

Sure they want to spy on us, but what happens when you put a camera on police and record there actions? They don't like *that* very much do they.. people who *do* record the police often find themselves arrested for --insert bogus reason here-- and their camera blank when they get out of jail in a few hours with no charges filed against them.

If the state can record and monitor the actions of the people, but the people are unable to monitor and record the actions of the state.. then who exactly is master of whom?

...but I do recall reading something quite recently about another project where data/video was being archived "to be used to fight terrorism". The powers that be swore up and down that it would not be abused. And months later it was being used by an automated system to issue parking tickets in an effort to boost revenue.

If this goes through, it will not take very long at all before the data is being used, whether by an authorized user or otherwise, for any or all of the following:

Monitoring peoples' use of Internet at work for personal stuff

Snitching to human resources departments which potential hires use online pornography, or were not at their doctor's office when called in sick

Catching undeclared personal income earned through online activities

Analyzing friend network patterns on social networks to detect "potential" drug dealers, leftists, other people the government doesn't like

Considering all the stories you hear of UK government IT projects going massively over budget, failing in spectacular ways, and often getting canned completely, i seriously doubt they will be capable of constructing a system capable of doing this that actually works.

But more to the point, you have got something to hide, everybody does. Who hasn't broken the law at one stage or another? Speeding? Jaywalked? Partaken of some illicit substance? Blasphemed? (You know why Mary was a virgin? She only had anal sex.) You get the idea, everyone is guilty of something, and that means everyone has something to hide from the government.